
·
Registered
Joined
·
3,749 Posts

·
Registered
Joined
·
1,965 Posts
Hiya,

It's not just Intel and not all Intel processors have the security risk. AMD, AWS, Nvidia also have the out of order execution branch process model, some of these are on the list too. The most popular Intel chip to have the issue is the "core" desktop/mobile CPUs such as i3, i5 and i7, some Xeons and a few others.

The sky isn't falling here, for the most part, the performance hit for most end user systems is anticipated to be about 5 to 10% on some applications, not all.

The laptops I have are affected; however, the Intel-based HP Proliant servers and ARM-based NAS arrays I have are not affected.

Here is some more technical reporting of the issue rather than sensationalized:

https://www.techrepublic.com/article/massive-intel-cpu-flaw-understanding-the-technical-details-of-meltdown-and-spectre/

CVE-2017-5753

CVE-2017-5715

https://www.kb.cert.org/vuls/id/584653
 

·
Registered
Joined
·
1,928 Posts
Ok I’ll bite. How are your HP Proliant servers not affected?


Sent from my iPhone using Tapatalk
 

·
Registered
Joined
·
1,965 Posts
Because my Xeon processors aren't in the list of the affected products. Like I said in my post, not all Intel CPUs have this issue, it appears that mainly the processors used for end user desktop and graphic processing, as far as I can tell at this point, are the ones most affected.

As my Proliants are running a Linux based hypervisor and have no GUI, I didn't spec the boxes with processors that are optimized for graphics and GUIs.

From the Intel support KB:
===========================================
Summary:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 6.x/7.x/8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products:
1st, 2nd, 3rd, 4th, 5th, 6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Pentium® Processor G Series
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ G, N and J series Processors
 

·
Old Pa-pa
Joined
·
11,419 Posts

·
Registered
Joined
·
1,965 Posts
Note: Ran across some speculation that it's an NSA *built into the chip* backdoor that hackers stumbled upon. :dunno:
From what's known currently, it's not a hardware "backdoor", it's an attack that leverages code in the OS that accesses the out of order execution branch, (normally used to optimize performance in predictable outcome instruction sets), the vector goal is to read/write from/to system memory with elevated perms.

If you want to have your hand at the NSA toolkit Vault 7:

https://wikileaks.org/ciav7p1/cms/index.html

Happy reading.... :)
 

·
Old Pa-pa
Joined
·
11,419 Posts
The flaw is in the Intel x86-64 hardware and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.

From what I read, the OS level *fix* will cost a 10% to 15% performance hit.

The dust ain't quite settled yet, however.

Crap sometimes just happens, but then again, sometimes crap is planned from the get-go. :laugh:
 

·
Registered
Joined
·
1,928 Posts
I was on a call today where 30% performance hits have been reported. All depends on the workload the server is running.


Sent from my iPhone using Tapatalk
 

·
Registered
Joined
·
1,965 Posts
Ya the PostgreSQL guys are going to have a lot of fun with the 30+% hit with this attack vector. Thanks for the updated proc list from Intel, AMD is still in denial, I'm waiting for that shoe to drop. All the IT guys that dumped Intel and bought AMD yesterday are going to take a double hit. It's interesting that Mac hasn't said a word yet; however, their stuff has been running on Intel x64 core procs for a while so all their stuff is affected just like the PC makers. A lot of tablets and network hardware with Atom chips are going to really take a hit on this as they don't have the performance to begin with and even taking 5 or 10% away is going to be a big difference.

Of course, you could always overclock the proc to get the performance hit back. In all honesty, MHz is just like cubic inches in a drag race, you can never have too many. I've done a lot of performance analysis in large enterprise environments, next to storage performance, clock and bus speed always are what makes the difference.

I can see a major class action suit coming out of this, of course, the payout will be prorated so most people will get like $2.41 out of it.

I have a meeting tomorrow with the ESX guys about the 500+ Proliant pizza boxes and blades that run vSphere for virtual desktops, this is gonna be fun.

Maybe I'll drag out some of my old Alpha and Sparc boxes, we know none of those had predictive branching..... :unknown:
 

·
Registered
Joined
·
1,928 Posts
Oracle is probably thinking “If we only wouldn’t have killed off Sparc and Solaris.” Not that I’d buy them...

From what I’ve found Meltdown affects Intel processors only. The Spectre vulnerability affects Intel, AMD and ARM processors.

Check out https://meltdownattack.com and https://spectreattack.com

Good luck


Sent from my iPhone using Tapatalk
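
On the "affected or not" question that runs through this thread: Linux kernels from 4.15 onward report their own per-vulnerability status under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not part of any post above; its function names and the sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the status strings Linux exposes for Meltdown/Spectre.
SYSFS=/sys/devices/system/cpu/vulnerabilities
# spectre_v1 is CVE-2017-5753 and spectre_v2 is CVE-2017-5715.
VULNS="meltdown spectre_v1 spectre_v2"

# Map a raw status line to not_affected | mitigated | vulnerable | unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;   # empty: kernel does not report this entry
    esac
}

# Print the status file for entry $2 under directory $1 (nothing if absent).
read_status() { if [ -r "$1/$2" ]; then cat "$1/$2"; fi; }

# One "name: class (raw status)" line per entry.
report() {
    for name in $VULNS; do
        raw=$(read_status "$1" "$name")
        printf '%s: %s (%s)\n' "$name" "$(classify_status "$raw")" "${raw:-no data}"
    done
}

# Succeeds (exit 0) when any entry is vulnerable or unreported.
needs_action() {
    for name in $VULNS; do
        case "$(classify_status "$(read_status "$1" "$name")")" in
            vulnerable|unknown) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample directory (hypothetical host: patched kernel, no Spectre v2 fix).
make_sample() {
    d=$(mktemp -d)
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo 'Mitigation: __user pointer sanitization' > "$d/spectre_v1"
    echo 'Vulnerable' > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample); report "$sample"; rm -rf "$sample"
if [ -d "$SYSFS" ]; then report "$SYSFS"; fi   # live host, when available
```

An entry that comes back as `unknown` means the running kernel predates this reporting interface, so the host should be treated as unpatched until the kernel is updated.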
 